summaryrefslogtreecommitdiff
path: root/regress/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2014-04-21 22:15:38 +0000
committerDamien Miller <djm@cvs.openbsd.org>2014-04-21 22:15:38 +0000
commite9cbdcece947a3076562ddbb8984f315a6cb6aac (patch)
tree68a5af0ba445714262c2552f1564dd8effb1fdbf /regress/usr.bin/ssh
parentefa18eb98aea7fe0e0cd74af0a4854140349c341 (diff)
repair regress tests broken by server-side default cipher/kex/mac changes
by ensuring that the option under test is included in the server's algorithm list
Diffstat (limited to 'regress/usr.bin/ssh')
-rw-r--r--regress/usr.bin/ssh/dhgex.sh6
-rw-r--r--regress/usr.bin/ssh/integrity.sh7
-rw-r--r--regress/usr.bin/ssh/kextype.sh7
-rw-r--r--regress/usr.bin/ssh/rekey.sh20
-rw-r--r--regress/usr.bin/ssh/try-ciphers.sh7
5 files changed, 37 insertions, 10 deletions
diff --git a/regress/usr.bin/ssh/dhgex.sh b/regress/usr.bin/ssh/dhgex.sh
index 4c1a3d83cec..57fca4a32e9 100644
--- a/regress/usr.bin/ssh/dhgex.sh
+++ b/regress/usr.bin/ssh/dhgex.sh
@@ -1,10 +1,11 @@
-# $OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $
+# $OpenBSD: dhgex.sh,v 1.2 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="dhgex"
LOG=${TEST_SSH_LOGFILE}
rm -f ${LOG}
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange`
@@ -14,6 +15,9 @@ ssh_test_dhgex()
cipher="$1"; shift
kex="$1"; shift
+ cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+ echo "KexAlgorithms=$kex" >> $OBJ/sshd_proxy
+ echo "Ciphers=$cipher" >> $OBJ/sshd_proxy
rm -f ${LOG}
opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
groupsz="1024<$bits<8192"
diff --git a/regress/usr.bin/ssh/integrity.sh b/regress/usr.bin/ssh/integrity.sh
index 32be98fad15..2625edc64d6 100644
--- a/regress/usr.bin/ssh/integrity.sh
+++ b/regress/usr.bin/ssh/integrity.sh
@@ -1,7 +1,8 @@
-# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $
+# $OpenBSD: integrity.sh,v 1.13 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="integrity"
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
# start at byte 2900 (i.e. after kex) and corrupt at different offsets
# XXX the test hangs if we modify the low bytes of the packet length
@@ -28,11 +29,15 @@ for m in $macs; do
# avoid modifying the high bytes of the length
continue
fi
+ cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
# modify output from sshd at offset $off
pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
+ echo "Ciphers=$m" >> $OBJ/sshd_proxy
macopt="-c $m"
else
+ echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy
+ echo "MACs=$m" >> $OBJ/sshd_proxy
macopt="-m $m -c aes128-ctr"
fi
verbose "test $tid: $m @$off"
diff --git a/regress/usr.bin/ssh/kextype.sh b/regress/usr.bin/ssh/kextype.sh
index 8c2ac09d66d..6f952f4e4ac 100644
--- a/regress/usr.bin/ssh/kextype.sh
+++ b/regress/usr.bin/ssh/kextype.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: kextype.sh,v 1.4 2013/11/07 04:26:56 dtucker Exp $
+# $OpenBSD: kextype.sh,v 1.5 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="login with different key exchange algorithms"
@@ -7,6 +7,11 @@ TIME=/usr/bin/time
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
+# Make server accept all key exchanges.
+ALLKEX=`ssh -Q kex`
+KEXOPT=`echo $ALLKEX | tr ' ' ,`
+echo "KexAlgorithms=$KEXOPT" >> $OBJ/sshd_proxy
+
tries="1 2 3 4"
for k in `${SSH} -Q kex`; do
verbose "kex $k"
diff --git a/regress/usr.bin/ssh/rekey.sh b/regress/usr.bin/ssh/rekey.sh
index cf9401ea014..fd452b03451 100644
--- a/regress/usr.bin/ssh/rekey.sh
+++ b/regress/usr.bin/ssh/rekey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $
+# $OpenBSD: rekey.sh,v 1.15 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="rekey"
@@ -6,14 +6,22 @@ tid="rekey"
LOG=${TEST_SSH_LOGFILE}
rm -f ${LOG}
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
# Test rekeying based on data volume only.
# Arguments will be passed to ssh.
ssh_data_rekeying()
{
+ _kexopt=$1 ; shift
+ _opts="$@"
+ if ! test -z "$_kexopts" ; then
+ cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+ echo "$_kexopt" >> $OBJ/sshd_proxy
+ _opts="$_opts -o$_kexopt"
+ fi
rm -f ${COPY} ${LOG}
- ${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \
- "cat > ${COPY}"
+ _opts="$_opts -oCompression=no"
+ ${SSH} <${DATA} $_opts -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
if [ $? -ne 0 ]; then
fail "ssh failed ($@)"
fi
@@ -41,7 +49,7 @@ done
for opt in $opts; do
verbose "client rekey $opt"
- ssh_data_rekeying -oRekeyLimit=256k -o$opt
+ ssh_data_rekeying "$opt" -oRekeyLimit=256k
done
# AEAD ciphers are magical so test with all KexAlgorithms
@@ -49,14 +57,14 @@ if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then
for c in `${SSH} -Q cipher-auth`; do
for kex in `${SSH} -Q kex`; do
verbose "client rekey $c $kex"
- ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex
+ ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c
done
done
fi
for s in 16 1k 128k 256k; do
verbose "client rekeylimit ${s}"
- ssh_data_rekeying -oCompression=no -oRekeyLimit=$s
+ ssh_data_rekeying "" -oCompression=no -oRekeyLimit=$s
done
for s in 5 10; do
diff --git a/regress/usr.bin/ssh/try-ciphers.sh b/regress/usr.bin/ssh/try-ciphers.sh
index ac34cedbf91..2881ce16c13 100644
--- a/regress/usr.bin/ssh/try-ciphers.sh
+++ b/regress/usr.bin/ssh/try-ciphers.sh
@@ -1,13 +1,18 @@
-# $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $
+# $OpenBSD: try-ciphers.sh,v 1.23 2014/04/21 22:15:37 djm Exp $
# Placed in the Public Domain.
tid="try ciphers"
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
for c in `${SSH} -Q cipher`; do
n=0
for m in `${SSH} -Q mac`; do
trace "proto 2 cipher $c mac $m"
verbose "test $tid: proto 2 cipher $c mac $m"
+ cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+ echo "Ciphers=$c" >> $OBJ/sshd_proxy
+ echo "MACs=$m" >> $OBJ/sshd_proxy
${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
if [ $? -ne 0 ]; then
fail "ssh -2 failed with mac $m cipher $c"